If there is no “adequacy decision” regarding the country, territory or industry for your restricted transmission, then you should consider whether you can make the transmission subject to the “reasonable safeguards” listed in the GDPR. You can make a limited transfer if you and the recipient have concluded a contract containing standard data protection clauses adopted by the Commission. Where different categories of personal data may be transmitted within the group and those different categories are subject to different rules, it is particularly important to identify the data concerned. Where transfers are made on the basis of controllers to subcontractors or where transfers are made outside the EEA under the standard contractual clauses, the identification of the data is mandatory. Second, where transfers are made on the basis of officials to managers, the parties may establish contractual restrictions on the rights of beneficiaries and also assign responsibilities for compliance. Although the GDPR does not require that all transfers of responsibility to the controller are not subject to contractual rules and does not specify the content of these rules, the regulatory guidelines indicate that, in some cases, these rules may be necessary to comply with the general principles of data protection legislation (e.g. B this somewhat outdated code of conduct of the Uk ICO that we are currently reviewing). If the Court follows the opinion of the PDO, this local compliance check does not only concern the United States, but is necessary for all third countries for which CPCs are used as transfer vehicles. This could include major industrialized countries such as Brazil, India and even Britain after Brexit. If you make a limited transfer from a controller to a processor, you must also comply with the requirements of the GDPR regarding the use of subcontractors. Processing operations The personal data transmitted are subject to the following basic processing activities (specify) Data subjects The personal data transmitted concern the following categories of data subjects (please specify) 4.3 A written agreement on the processing of personal data with the controller that defines the rights and obligations of the controller and the processor. The processor acknowledges and agrees that the processing of all personal data that the processor makes available to the processor has been carried out and continues to be carried out by the processor, in accordance with the legislation in force and in accordance with the information provided to the data subjects. .